Weekly in Security 202238

2022-09-19 to 2022-09-26


Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-09-19 to 2022-09-26.

Vulnerabilities

Out Of Band Update: Cobalt Strike 4.7.1

Cobalt Strike released an out-of-band update that fixes an RCE in the team server. An attacker could use a malformed username in the Beacon configuration to perform what is essentially an XSS attack against the team server.

Never leave your team server exposed.

CVE-2022-40674 - libexpat

A heap use-after-free vulnerability was discovered in the XML parsing C library. The vulnerability could result in denial of service or potentially the execution of arbitrary code.

Getting every dependency that bundles libexpat patched could take a long time. For the moment, at least there is no PoC available, so the supply chain apocalypse is postponed.

Tools

AutoHoneyPoC

AutoPoC Generator HoneyPoC

The core idea was to publish fake proof-of-concepts that would call back to a honey token. ZephrFish gave a great talk on his tool at BSides London 2021 and another one at Securi-Tay 2022. The talk provides an overview of the different kinds of people who simply ran the PoC without inspecting it. One key question is whether such research could also be interpreted as malicious.